Some highlights out of the Top 9 IT Security Threats and Solutions relative to Sarbanes-Oxley mentioned in this article:
Threat #4 … with social engineering you compromise a human by tricking him/her into supplying personal information and passwords. Any method of communication will be used to perpetrate this fraud including telephones, mobile phones, text messaging, instant messaging, impersonation of support/vendor staff and social networking sites …. (emphasis mine)
Listed as a part of the #1 greatest blunder in tech history, e-mail and instant messaging data leaks and security are a considered major problem. A quote:
The web, email, and instant messaging have given criminals unprecedented opportunities for fraud, scams, and electronic spying. In 2007, corporations lost customer data to cyberthieves like never before. And today's vast digital repositories make for very juicy targets that can be copied onto a few DVDs slipped unnoticed in a jacket pocket.
More reason to control those leak apps, notably e-mail and instant messaging, be it OCS, SameTime, Jabber or all of the public and financial IM solutions.
Mary Mack recently posted her Top 10 e-Discovery Cases in 2008. This is an important read if you care about e-discovery.
Instant Messaging usage is growing relative to e-mail usage, and instant messages are discoverable for legal investigations, etc. Here’s a great quote from the article on Mary Mack’s blog over at the Discovery Resources website:
The State relied heavily on the IM messages between the Defendant and the child’s mother to prove their case. Based on the IM evidence and other circumstantial evidence, the jury “reasonably conclude[d] that Defendant had incited [the child’s mom] to use her daughter in a sexual performance . . . and/or to consent to her daughter’s participation in a sexual performance violation.”
There are currently a handful of vendor solutions who provide solutions in this area, Quest Policy Authority for Unified Communications, Symantec, and FaceTime.
Quest Software’s Policy Authority solution is an ideal solution for archiving, compliance and data leak protection (DLP) of Instant Messaging (IM) protocols including Office Communications Server 2007 R2, Lotus SameTime, Cisco Jabber, Reuters, Bloomberg, MSN, Yahoo, AOL and other IM protocols. Quest Policy Authority also supports archiving of BlackBerry PIN-to-PIN and BlackBerry call logs for compliance or tracking purposes. The solution is available in either software-only or appliance options, and is deployed in customers around the globe. In a manner of speaking, since MSN, Yahoo, AOL and BlackBerry all have Cloud Computing elements, Quest Policy Authority is an example of a customer-premises management solution being used to manage hybrid on-premises plus Software as a Service components.
Great article on electronic document retention. Some great tips from the article:
Practical Considerations for Electronic Document Retention
1. Keep document retention policies simple.
2. Do not let people with laptops become amateur transcribers. Ensure employees only use their company-issued computers for work-related documents.
3. Be careful of all informal notes.
4. Limit notes and board minutes to agreed actions items.
5. Do not engage in debates via email.
6. Never email sensitive material.
7. Monitor what people say via email, instant messaging and blogging.
8. Consider banning instant messaging and blogging.
9. Be careful of mobile email and text messaging. PDAs, BlackBerrys and other smart phone devices now serve as another location of potentially sensitive information.
10. Be careful of attorney-client privilege, or lack of privilege, especially when working outside the U.S.
11. Be sensitive when in-house legal counsel has dual roles of attorney and manager. Be aware of effect on privileged communications.
12. Be careful of outside service providers or web-based hosts such as AOL, Yahoo, etc.
From an instant messaging (IM) perspective, Quest Software’s Policy Authority solution (software-only or appliance options available) is ideally suited for monitoring, archiving and controlling communications.
Posts
All Comments
